-
Notifications
You must be signed in to change notification settings - Fork 685
Running Tails with a persistent volume in Qubes
Note: while this might allow you to run Tails inside QubesOS, operating it this way is unsupported, changes its security properties and likely breaks some behaviour. Do not use Tails this way unless you know what you're doing. For more information see also Qubes Community documentation for running Tails.
Tails operates on the assumption that it will be installed on a USB stick. For SecureDrop, quite a few developers make extensive use of QubesOS, so a virtualised Tails experience with persistent storage can make some workflows less cumbersome.
Unfortunately, QubesOS does not support booting VMs from external devices (rather than emulated internal disks or CD-ROMs), Tails however can be tricked into booting from a hard disk. Booting just the regular Tails image from the (virtual) hard disk breaks the ability to configure the persistent storage, but if the image that is booted is of a USB stick that already set it with it up, we can get an (almost) full Tails experience in the shape of a qube!
- Get a USB stick to install Tails on. The size of the stick will affect the size of your tails VM, due to the way persistent storage is configured
- Install Tails on a USB stick, as you would do otherwise
- Boot with that stick, and configure persistent storage. The GUI and command line tool will not be acccessible in the virtualised environment, so make sure you're getting the configuration right this time around!
- When done, attach it to your Qubes machine, and spin up disposable VM, and attach the stick to that VM
- Create a new HVM qube (a.k.a. "install your own OS"), deselect "install system from device" and select "launch settings after creation"
- In the settings dialog, change the system storage size to match that of the USB stick you set up
- Open a dom0 Terminal, and run
qvm-run -p $dispVM "sudo cat /dev/sda" | sudo dd status=progress of=/dev/mapper/qubes_dom0-vm--$qubename-root
, replacing$dispVM
with the name of your disposable VM and$qubename
with the name of your qube. This will write the USB stick's contents to your qube's system disk - When the command finishes, you can shut down the disposable VM and remove the USB stick
- Boot your new Tails qube
- When the syslinux boot screen shows up, press tab to edit the boot parameters
- Remove the
live-media=removable
parameter and press enter - Enjoy Tails 🎉
For network connectivity please refer to Qubes Community documentation for running Tails.
- Updating Tails